tv Bloomberg West Bloomberg August 7, 2015 4:30pm-5:01pm EDT
emily: it is a largest hacking gathering in the world -- def con, ground zero to the latest hack attacks and sell th self-defense. no computer systems are saved here. bloomberg west is the first show ever to broadcast from def thein las vegas with masterminds of the cyber underworld. an exploding to multibillion dollar business. chang and welcome to a special bloomberg west live from def con in las vegas. coming up, some of the most talked about hacks of the year.
we will talk to a former assistant fbi director. plus, how big business goes about recruiting hackers at def con. by brucel joined schneider. all of that on this very special bloomberg west. we begin with new details in the investigation of the hack of the pentagon e-mails. the washington post reporting rushing packers -- russian hackers were behind the breach of the e-mail system. this is the latest in a string of major hacks over the last couple of years. november 2013, one of the biggest retail breaches in history. russian hackers are believed to gain access to 40 million credit cards at target. 83 million personal and smaller business accounts compromised. three months later, home depot
-- 56 million credit and debit cards and e-mail addresses stolen. fast forward to november 2014, employee e-mails and data released. $15 million spent investigating the breach by sony and its believe north korea took k responsibility. chinese hackers took data from 88 million accounts from anthem. the office of personnel management, the social security numbers of government employees were stolen. chinese hackers are expected to be responsible. con is about much more than cyber security. the federal trade commission is also here. they want to tackle robocalls. they are trying to drum up interest to combat those pesky automated calls. joining me is the ftc
commissioner. thank you for joining us. you have spent a lot of time with this community. why is the ftc reaching out to hackers? premierhe ftc is the protection agency. as consumers are using technology that is connected, we have to be vigilant about protecting their privacy and data security. we worked with the hacker community to understand how their research is affecting consumers. emily: how can you fight robo calls? theell: those are automated phone calls to get even if you are not on the do not call list. it is hard for us to combat these robos. what we are doing is giving context and hackers and
how well do you think companies are protecting us? terrell: we look carefully at all the technology people are using. the snapchat case involves an app where information will disappear but it turned out it was easy to capture them. that is what our cases about. we also have cases against facebook and google and others, really looking carefully at the privacy promises they are making to consumers and whether they are upholding them. that is where the technologists come in. we need people to understand the code, the practices and 12 us understand -- and to help us understand. emily: the ftc decided not to take a closer look at an antitrust perspective but at the same time the eu has a big investigation into google and research practices in europe. should you take another look at
google? terrell: that case was closed before i joined the commission. i think it would be highly unusual for the commission to go back and reopen a case. emily: what about apple music? there is reports you are considering opening investigation into apple music. do you believe it is anti-competitive and if so how? terrell: i cannot comment on any pending cases. we look carefully across weferent sectors wand will continue to do that. emily: let's talk about the rise of the internet of things and computers and every device we are using. we are talking about hacking cars, hacking safes and phones. what is most concerning to you as the person running the ftc? terrell: i spent some time this morning in the village where hackers are looking at a bunch of devices consumers have from
television to refrigerators and baby monitors. growing sector that is bringing a lot of innovation to consumers. a wide range of practices. concerning to me as a consumer and federal trade commission are. er. i think we need to have better security practices around these devices. what i'm seeing at this conference is a lot of hackers to break into consumers' home networks using these devices. emily: all right, thank you so much for joining us. consumers' home networks using these devices. well, they may be hackers at def con but their future employers have been close by. everyone from snapchat to the u.s. government are here hoping to sign up talent, including companies like nike.
it is not easy. there are more than 209,000 unfilled cyber security jobs in the united states and demand is expected towell, they may be hah 2018. we asked recruiters what it takes to catch their eye. ♪ >> we have over 200 positions available for cyber security reallys and are excited by the number of people we see here and the talent we can get to work for us. always look for frontline technicians. they can be trusted advisors to our customers. those that are so fascinated about security and are willing to learn.
>> we have grown 300% in the last five years in this area so to pay market rates. >> it is very easy to meet somebody in the beginning of their career and passionate about that. they are all here. here, all the other companies have the them and weto get to think we are the better home. emily: coming up, car hacking -- how big a deal is it? how big of an opportunity is it? wasting $7 billion on the tsa according to one traffic security expert. my interview is coming up. we will leave you with this memorable hack. your skateboard is no longer safe. yes, that skateboard was hacked.
hackers try to take control of a car and a managed to succeed but only after connecting a laptop to the car directly. so, what does it mean for carmakers? do computer companies respond? i'm joined by shawn henry. thank you for joining us. when shawn joined me, he asked me if my phone was a do computes respond? i'm care and i thought it was -- was secure and i thought it was. should i be worried about getting hacked? shawn: you have a lot of people here that are adventurous and innovative and always looking for new and interesting ways to get into different components. when you talk about tesla and the vehicles, as more and more devices become connected, the attack comes wider. those who have malicious intent are trying to find ways to get into access them. emily: how concerned should we be about car hacking? shawn: as everything begins to
get connected, we are talking about refrigerators being connected, medical devices. cars are the next phase. anything that has a wireless component to the internet potentially is able to be accessed. those with malicious intent will look for vulnerabilities. emily: they are looking to build cars that are on hackable. is this an area that should have interest? shawn: we don't think you can ca prevent all hacks. adversaries are looking for those foam or abilities to exploit -- vulnerabilities to exploit. if you detect the attack, you can mitigate the consequences. when adversaries have access to a device undetected, that is when the malicious activity occurs. emily: what is the next big attack? shawn: industrial control systems that control our
infrastructure like water, sewer, etc. these are the digital interfaces that allow human beings to control the big turbines, the generators. i think we know there are adversaries like terrorist groups that are interested in impacting critical infrastructure. emily: we keep hearing about this scenario where critical infrastructure will be attacked. it has not happened yet. why not? i think it is more death by 1000 cuts. there was a report that said over 100 systems were impacted. i don't think we hear about that because the impact so far as been relatively small. when you stack these up against each other, they become dangerous and we will see one of those big attacks eventually. emily: can china take out our infrastructure right now? shawn: china has the capability and the access to critical infrastructure to have an impact. whether it is the type of attack
that is a digital 9/11, i'm not really sure but they have the ability to impact our lives. emily: how do you plan to spend the $100 million? are they specific kinds of technologies? shawn: much of our technology is built in-house. we will be continuing to reinvest in technology. it is important to constantly look for those new capabilities to bring smart people in, the biggest brains to help us continue our products and support companies that need the ability to detect these attacks. emily: what is the new frontier in cyber security? where is the most innovation happening? shawn: it is about getting visibility into the networks. at crowd strike, we have a product that provides complete visibility into the endpoint so organizations can see what is happening around the corner. actually singing bits and pieces
-- seeing bits and pieces of an attack and put those together so we can predict when attacks are going to occur, when an adversary is starting to launch a hack. henry,all right, shawn always great to have you here on the show. i will try to stay safe. thank you. we were talking about dealmaking and who is doing business on the sidelines here. fireeye president is saying the market is hot and that security is ripe for consolidation. >> we are in a time in the marketplace where we have never been before. we have better funding than in the past. a couple of things will come out of that. you see a little bit of a bubble on the pricing of these things both in the private sector -- at some point in time it will constrict. kevin: it is like that in every market. you expand and constrict.
the constriction will be inorganic acquisition. emily: what about going public? that is certainly on the radar for cisco. the company that can go public will. >> i think we will see more ipo's. there is a lot of money on the sidelines for cyber security. as a result, companies that fit the profile have the numbers and public,f they can get they will. emily: up next, why one security guru here says it is time to break up the nsa. our interview with security technologist bruce schneider. a china-backed hack gets even bigger. american airlines joins anthem. ♪
emily: remember this? a semi automatic handgun strapped to a drone shoots on its own thanks to a clever hack. a youtube clip of this has gotten more than 3 million views since being posted a month ago. it is time now for the daily byte. today's byte is one billion. a company is one of the world's largest clearinghouses for travel reservations. they keep one billion travel records on file every year. people familiar with the investigation say the companies were hit in the same wave of attacks that targeted anthem and
the u.s. office of personnel management. the american airlines attacks were not previously reported and are the broadest yet. just how dangerous are these airline hacks? it happen again? the answer is yes according to our next guest. bruce schneider is an expert and author of 12 security books. he says the tsa's 95% failure rate does not justify their budget. instead, the money should be spent on intelligence. at defs with me here con. you are quite the celebritythe o our next guest. bruce schneider is an expert and author of here. a lot of people very excited about the talk you gave. i want to start with airlines. just how dangerous is this? bruce: we don't actually know. airlines are not immune to hacking just like any other industry. we are seeing a lot of attacks against personal information
whether it is by government or criminals. we are all vulnerable. emily: could they take down a plane? bruce: that is a different kind of thing entirely. there is research done for attacks on vehicles. attacking planes remotely seems remote, but as things get computerized and then we don't know. emily: what about the tsa? you were very critical around them around 9/11. it idoes not sound like you are a fan. bruce: there have been tests where people try to bring weapons through checkpoints and the tsa has high failure rates. a high failure rate is not really a problem because as long as there is a decent chance you are caught, you will not try it. but if you know you can get through, the tsa is not doing their job. pre-9/11 is all we need.
tsa assumes we are guessing the plot. investigation, intelligence and emergency response works regardless. emily: there has been quite a rift between the hacking community and the tsa and light what happened with edward snowden. how would breaking up the tsa work? bruce: the nsa has two missions. they have a mission to defend networks and to attack for networks. they are in conflict. when the same organization, you have one fighting the other. separating those out would make us more secure. emily: the nsa is supposedly working on a computer that could see through anything. how optimistic are you? bruce: it is not stupid science-fiction, but not anytime soon. anything we know about quantum computing, in 50 years it'll be
something cool. emily: how would you rate the government's actual capabilities when it comes the cyber spying? a biggere nsa has budget than anybody else. because the way the net works, so much traffic goes through the united states and the nsa's spying filters. they can do a lot, but they are not made of magic. they are still constrained by economics, by physics, by mathematics. while they can do a lot, they cannot do everything. emily: what is the biggest hack attack coming that we are not ready for? bruce: the thing about not being ready for is you don't know what it is. hack attacks surprise you. my guess it is something we are not thinking about. as computers get embedded into everything -- your computers, your cars, your thermostats -- they all become
vulnerable. emily: how do we protect ourselves? bruce: this is something that requires government intervention and legislation. nobody really has a vested interest. it's something government can help. fortunately, government does not want to do that right now. emily: bruce schneider, nobody really has a vested interest. celebrity hacker an expert on all things security. thank you for joining us. that does it for this special edition of "bloomberg west" live from def con in las vegas. i want to was a very special happy birthday to my grandmother in philadelphia. she watches my show every single day from the very beginning. i'm so grateful for that. i love you, grandma. happy birthday. ♪ celebrity hacker an expert on all things security.
john: i'm john heilemann. mark: with all due respect to the republican candidates in only one of debate, you can be the next ronald reagan. ♪ on the show tonight, everyone, but first breaking news -- the most significant thing to happen since last night republicans debate haven't been ago on -- happened on fox news moments ago. listen to jeb bush returning to his posture from a while ago and talking critical of donald trump. mr. bush: this reminds me of barack obam n